Businesses need mobile device management policy

Sunday

Jan 13, 2013 at 2:00 AM

It should come as no surprise to learn that mobile devices are outselling all other types of computing technology. iPhones, iPads, Android phone, Android tablets, eReaders and, yes, even Windows phones and tablets, are vastly outselling the traditional desktop or laptop computer.

MJ Shoer

It should come as no surprise to learn that mobile devices are outselling all other types of computing technology. iPhones, iPads, Android phone, Android tablets, eReaders and, yes, even Windows phones and tablets, are vastly outselling the traditional desktop or laptop computer.

This has been the case in the consumer sector for some time now, and it's trending in the business marketplace as well.

With the proliferation of mobile devices, it was inevitable that they would become mainstream in the workplace. Whether you provide mobile devices to your staff or allow them to bring their own into your workplace, you need to have appropriate policies in place to govern their use.

If you think a policy to govern the use of mobile devices may not be necessary for your business, consider the following statistics: 81 percent of people who have a mobile device use it for work purposes, even if it is a personal device. That is, eight out of 10 people who have a mobile device connect it to their work networks. Sixty percent of these same people use a line-of-business application on their mobile device. Just to be clear, in this case a mobile device is a smartphone or tablet, but when it comes to basic services like e-mail, some eReaders may need to be taken into consideration as well.

When I call something a line-of-business application, sometimes referred to as an LOB, this could be your company sales database, accounting application or other software system that performs a very specific function in your business. This means that of eight people who use their mobile device for work purposes, nearly five of them also have some very specific company data on their mobile devices as well.

If these data points alone are not convincing enough, consider that 10 percent of companies do not know all of the mobile devices that have access to the company network. This means there are people and devices accessing the company's IT systems that the company does not know about.

How can this be possible? It could be as simple as someone providing a co-worker the passphrase to connect to the wireless network, not knowing the co-worker is connecting a personal mobile device to the company network. It could be people connecting to the company e-mail system, if you do not have proper controls in place that require users to be specifically authorized for this access.

Finally, statistics show one in four people store bank account information, like account numbers and bank Web site log-in details, on their mobile phones. For people with access to company banking information, this applies to them as well, so a person who does company banking may actually be keeping confidential details about both their personal and work banking on their mobile phone.

Amazingly, studies have also shown 34 percent of people keep their work e-mail passwords on their mobile devices. Worst of all, fewer than six out of 10 people who lose a mobile device change all their passwords following a loss. That's a huge exposure of risk.

So what is a business expected to do? First, you have to decide whether you are going to allow only company-issued mobile devices or a combination of company-issued and personally owned mobile devices to connect. Regardless of your choice, you need a clear policy statement that you communicate to employees about whichever type of device.

While many of the statistics referenced above are pretty scary, your policy does not need to be. It should be clear, simple and consistent. In other words, don't make exceptions. Notify your employees of what types of devices you will support, what they are allowed to access and how. Notify them that in connecting to company resources, they are giving up some of their privacy, in the same manner that they do when signing your company's computer use policy.

You do have a computer-use policy, correct?

Anything they do with company data is company property, whether it's on a company-owned device or a personal device. Mobile devices being what they are, people are going to have personal e-mail and pictures on them, so you want to clearly alert them that they, not the company, are responsible for backing up and protecting the personal data. If they lose the phone or separate from the company, whether by their choice or yours, the company will wipe the device and render it useless, erasing all the data that was on it.

The company data will be backed up and safeguarded on the company network. The personal e-mail and pictures will not, and this needs to be made clear.

The introduction of mobile devices can be a huge productivity booster. It also introduces risk that must be clearly understood and properly managed in order to make sure the company does not experience a data breach or worse. Talk with your legal counsel and your IT partner and be sure your business has a clear, simple and effective mobile device management policy.

MJ Shoer is president and virtual chief technology officer of Jenaly Technology Group, Your Technology Concierge based in Portsmouth. You may read more about business IT topics on his blog at http://mjsblog.jenaly.com and you may reach him at mshoer@jenaly.com.

Advertise

Original content available for non-commercial use under a Creative Commons license, except where noted.
seacoastonline.com ~ 111 New Hampshire Ave., Portsmouth, NH 03801 ~ Privacy Policy ~ Terms Of Service